|Web Console Display Name||Lucene Search Syntax||Field Description|
The country involved in the log activity:
The Country values are derived from the LogRhythm SIEM's GeoLocation feature.
The resolved host entities involved in the log data:
An Entity is a record that represents a logical grouping of LogRhythm SIEM or log objects in the SIEM. Administrators define Entities for security management and organization.
The geographic area involved in the log activity:
The Location values are derived from the LogRhythm SIEM's GeoLocation feature.
The region involved in the log activity:
The Region values are derived from the LogRhythm SIEM's GeoLocation feature.
The root entity (top-most entity) for a log source.
In the search syntax, provide the ID number that the root entity is mapped to in the LogRhythm Client Console, rather than the name of the root entity.
The resolved zone (Internal, External, or DMZ) that LogRhythm identified in the log activity:
Administrators assign zones in the Host records and Network records.